4. GDPR compliance

GDPR compliance

  • M

    Is anyone dealing with this?
    I have done quick preliminary analysis and the result is that I would need to have ability to set log retention period for captive portal logs.

    0
  • N

    There's nothing to deal with.

    Set up a syslog server and store the data there.

    0
  • M

    @NogBadTheBad:

    There's nothing to deal with.

    Set up a syslog server and store the data there.

    But data (logs) remains also inside pfSense because remote syslogging means take a log and copy it to remote machine.

    0

  • @mdes:

    But data (logs) remains also inside pfSense because remote syslogging means take a log and copy it to remote machine.

    Have a look at these logs first  ;)

    Btw : pfSense uses circular logs that have a fixed size. This means that ones they are full, old information is overwritten. Which implies that old information will be is destroyed in a nearby future. They are auto-cleaning !

    As long as you, as an an admin, are not logging all kind of information like user traffic with the help of packages like, for example,  squid , you have nothing to do with this "private act".
    IP addresses, and even MAC addresses, are not considered as "private info" **.
    And even if you do, thing about destroying the info - and never use the info. Doing so, and you'll be fine for more then 99 %.
    Facebook and Google will take care of the latter 1 % soon.

    GDPR compliance, or not, it's true that many countries ask to log (local - so worth-less) IP addresses and MAC addresses when you offer an Internet access (with the help of the captive portal).

    ** and if they were, well, the guy who pretends so should not be using the "Internet" anymore as a public communication channel.

    0
  • C

    @mdes

    IP addresses are regarded as PII under GDPR, see ECJ ruling. Explanation here:

    https://www.enterprisetimes.co.uk/2016/10/20/ecj-rules-ip-address-is-pii/

    You'll need to have a "right to be forgotten" process for that log data plus you probably will have to declare the logs existence in your data policies.

    0
  • C

    @mdes

    So you're probably aware of the following but it does cover what i understand to be the most relevant aspects of GDPR in relation to a pfSense device.

    https://www.firewallhardware.it/en/gdpr-pfsense-opnsense/

    You'll know what you are using the device for, so some aspects will affect you more than others.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy